
Password Hash - Brute Force Test - SHA-1

Hi.

So I have some password hashes, for example:

c2543fff3bfa6f144c2f06a7de6cd10c0b650cae

The input of the program is one of these hashed codes. What I need to do is use SHA-1 to get the original password and print it out to the user. I am really stuck; so far I have just declared all my password hashes as Strings. Is this right, or should they be HexStrings? Byte Arrays? Char Arrays? I am really not sure.

I have been on to the Wiki page for SHA-1 but I can't really see any formulas to calculate the password.

Am I also right in saying the format of these hashed passwords is hexadecimal?

Re: Password Hash - Brute Force Test - SHA-1

Lol no, it's a school task.

I should add:

This should be done using Brute Force Test. I think I might be reading the wrong stuff and going down the wrong routes. I am seeing a lot of MessageDigest.getInstance("SHA-1"). Do you think this is used?

Re: Password Hash - Brute Force Test - SHA-1

Originally Posted by KevinWorkman

You wouldn't be attempting anything nefarious, would you?

My thoughts exactly.

Hash algorithms are just that - they are not like encryption which can be encoded and decoded. More often than not, they are one way (e.g. password -> hash) and there is reasoning behind this. Attempts to decode them will immediately raise suspicion.

Oh wait, maybe that's not right. Are you sure the exercise wasn't to *guess* the password? That would be a nice undergrad exercise. For that you'd need to write some kind of loop (you could alternatively make random guesses) which generated candidate password strings, transformed them with SHA-1 (you will need the fragment of code you posted earlier) and then compared the output to your given hash. If that is the exercise, then I would go with a loop counting up from zero, a character set and a mapping of count to candidate password (Integer.toString(int, int) might be your friend here). Don't run that code on a shared server. If you've got a multi-core PC (who hasn't these days? I bought an FX-8120 recently, coretastic), you could consider chunking the job and multi-threading it. Do it for personal satisfaction, not because it'll increase your chances from hopeless to hopeless-but-with-more-fan-noise.
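
The guessing loop described in the post above, as an added example that is not part of the original thread. It runs against a constructed target (the SHA-1 of "abc"), assumes a lowercase-only character set and a maximum length of four, decodes the hex string to bytes before comparing, and uses hypothetical class and method names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class Sha1GuessDemo {
    // Assumed character set for the exercise: lowercase letters only.
    static final char[] CHARSET = "abcdefghijklmnopqrstuvwxyz".toCharArray();

    // Decode a 40-character hex string into the 20 raw bytes of a SHA-1 digest.
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Map a counter to a fixed-length candidate: the counter written in base CHARSET.length.
    static String candidate(long n, int length) {
        char[] buf = new char[length];
        for (int i = length - 1; i >= 0; i--) {
            buf[i] = CHARSET[(int) (n % CHARSET.length)];
            n /= CHARSET.length;
        }
        return new String(buf);
    }

    // Try every candidate up to maxLength; return the match, or null if none.
    static String search(byte[] target, int maxLength) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        for (int len = 1; len <= maxLength; len++) {
            long total = (long) Math.pow(CHARSET.length, len);
            for (long n = 0; n < total; n++) {
                byte[] digest = sha1.digest(candidate(n, len).getBytes(StandardCharsets.UTF_8));
                if (Arrays.equals(digest, target)) return candidate(n, len);
            }
        }
        return null;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample: SHA-1 of the three-letter string "abc".
        byte[] target = fromHex("a9993e364706816aba3e25717850c26c9cd0d89d");
        long start = System.nanoTime();
        String found = search(target, 4);
        System.out.printf("found=%s in %d ms%n", found, (System.nanoTime() - start) / 1_000_000);
    }
}
```

The search space is 26^length, so each extra character multiplies the work by 26. A short password behind a single unsalted SHA-1 is recovered almost instantly, which is why password storage uses salted, deliberately slow functions instead.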

Re: Password Hash - Brute Force Test - SHA-1

Brute force SHA-1? Call me in 130,000 years when you get the result.
School assignments to crack a Caesar cipher, or generate hashes would be plausible, but I highly doubt that brute force cracking would be handed out to pupils.

Either your tutor wanted to abuse your free labour to supply him with rainbow tables or this isn't a school assignment.